An approach for testing the krb5 KDC, fixes for UPN support
Andrew Bartlett
abartlet at samba.org
Mon Jan 5 17:38:02 MST 2015
G'Day,
Just a heads-up that I'm looking at how to test the Samba KDC, more than
just by the side-effects it shows in the krb5 libraries.
I realise this has serious portability constraints to the MIT codebase,
but I think this is still worthwhile as a tool for verification.
https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-tests
I'm doing this because I need a basis to then implement good tests
around the correct behaviour with regards to the canonicalize flag and
enterprise principal names, for fixing our enterprise UPN support,
raised here:
https://lists.samba.org/archive/samba/2013-October/176422.html
The fixes I have for UPN support are here:
https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-upn
However, the back-ported Heimdal patches break our RODC, and while
Garming has done a great job finding the problem, it prompted me to
start on a much better testsuite.
We should also have some canned windows requests to assert responses to
(with fixed up passwords/times).
I'll post this again to the list when we have some more tests written.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list